CallPico
Legal

Privacy

Last updated May 12, 2026

We treat your data the way we'd want ours treated. This page summarizes what we collect, how we protect it, and the controls you have. The engineering source-of-truth lives in our openPRIVACY.md reference.

What we collect

Account email, password hash, display name, locale, ToS / Privacy acceptance timestamps; session tokens (hashed); your phone lines (E.164, country, capabilities, label); message bodies (stored as AES-256-GCM ciphertext); call metadata (direction, duration, counterparty); voicemail audio + transcripts; contacts; push tokens; Stripe customer ID + subscription state; an append-only audit log.

What we never collect

  • Plaintext passwords. Ever.
  • Credit card data — Stripe / Apple / Google hold this directly.
  • Voice call audio (we don't record calls; only voicemails).
  • Microphone / camera access outside an active call or voicemail.
  • Browsing or location data.

Your rights

  • Access + portability. Request a full JSON export of every row tied to your account, with messages decrypted.
  • Erasure. Delete your account in-app. Soft-delete is immediate; hard-delete runs 30 days later and releases all Twilio numbers + cancels your Stripe subscription.
  • Rectification. Update any account or per-resource data in-app.
  • Restriction. Sign out to revoke the active session token without losing your data.

Retention

  • Active account data: as long as the account is active.
  • Soft-deleted accounts: 30 days, then hard-deleted.
  • Voicemail audio: 90 days, then lifecycle-deleted.
  • Backup snapshots: 30 days.
  • Revoked auth sessions: 90 days for fraud investigation, then purged.
  • Audit log: indefinite, anonymized after hard-delete.

Subprocessors

  • Twilio — telecom (SMS, voice, voicemail)
  • Stripe — subscription billing
  • AWS — compute, Postgres, Redis, S3, KMS
  • SendGrid — transactional email
  • Sentry — error reporting; PII redacted before send

Cross-border transfers

Production runs in AWS us-east-1. EEA users' data is processed under Standard Contractual Clauses with Twilio, Stripe, and AWS.

Contact

Data subject requests: privacy@callpico.io. We respond within 30 days.